Magento Security Scan fails AngularJS version

Question

The Magento security scan tool failed our website after we upgraded to Magento 2.1.18.

Outdated JS Libraries - Failed. Outdated AngularJS library found, response body contains unexpected 'AngularJS v1.2.17-build.***+sha.********'

Any idea of how this can be fixed or checked?

As far as I know AngularJS is only used by Magento installation wizard.

Answer 1

Open angular.min.js from below both locations

vendor\magento\magento2-base\setup\pub\angular

setup\pub\angular

and remove the code

/* AngularJS vX.X.X (c) 2010-2018 Google, Inc. http://angularjs.org License: MIT */

i.e whatever in /* to */

This worked for me and now the site is at low risk.

Thank You Zuber

Answer 2

The issue is security scan is checking this URL on your site and finding an outdated version of AngularJS.

example.com/setup/pub/angular/angular.min.js

This file is only used by the installation wizard when the Magento installation is initially being set up. It's not required by websites in production.

Therefore this file does not need to be publicly accessible, if you change the permissions for this file in setup/.htaccess or your server config to deny access to this file will stop the security scan from failing and remove public access to the file.